Organizations may connect multiple local area networks (LANs) via a wide area network (WAN). Each LAN may interface with the WAN through one or more gateways. Often segments of a WAN pass through untrusted networks (e.g., the Internet) and operators commonly encrypt transmissions over such segments in order to increase security. Specialized security protocols may be utilized to efficiently encrypt communications at network gateways. Many of these security protocols, such as those contained within the Internet protocol security (IPsec) suite, include functionality for thwarting replay attacks.
A replay attack is characterized by a malicious user fraudulently retransmitting or delaying a previous valid data transmission. By retransmitting or delaying the previous transmission, the malicious user may masquerade as the legitimate user; fraudulently transmitting communications that appear to be from the legitimate user or intercepting and decrypting messages intended for the legitimate user.
One method for counteracting replay attacks is to utilize sequence numbers. Sequence numbers are maintained on a security association (SA) basis by the transmitting and receiving nodes (e.g., gateways or hosts). When a packet is transmitted, the transmitting node marks the packet with a sequence number. When the packet is received, the receiving node examines the sequence number. If the sequence number has already been received or is less than the trailing edge of the sequence number window for the SA, the packet is considered invalid by the receiving node. Alternatively, if the sequence number has not already been received and is within or ahead of the sequence number window for the SA, the packet is considered valid by the receiving node.
Network gateways may be setup in a redundant configuration in order to increase performance and reliability. Utilizing a redundant network gateway configuration, however, creates challenges in assigning sequence numbers to encrypted packets. Specifically, a gateway must ensure that it is cognizant of the activity of its peer gateways with respect to an SA before taking action itself. Additionally, coordinating gateway action may require increased levels of inter-15 gateway communication and be associated with substantial overhead. Accordingly, a need exists for methods, systems, and computer readable media for adaptive assignment of an active security association instance in a redundant gateway configuration.